In Depth
Seven Deadly Sins of Social Networking Security
To users of LinkedIn, Facebook, Myspace, Twitter or all of the above: Are you guilty of one of these security oversights?
By Bill Brenner, Senior Editor
Believing he/she who dies with the most connections wins
For some social networkers, it's all about accumulating as many connections as possible. Folks on LinkedIn are notorious for doing this, especially those in such LinkedIn groups as TopLinked and LION. This may seem harmless enough or, at the worst, just annoying. But when the name of the game is quantity over quality, it's easy to link or "friend" a scam artist, terrorist or identity thief.
"Always verify the person who wants to get in contact with you," says Ruud van den Bercken, a security specialist at XS4ALL Internet in the Netherlands. "Do you know him or her? If not, why is the person trying to connect with you? Check if the profile of the other person is secured. If you can't retrieve a list of that person's connections, you have to ask yourself" if you really want to go down that road.
As San Francisco-based network and security architect/engineer Jatinder Thukral puts it: "I'd rather have 50 relevant contacts than 500 unknowns."
Password sloth
Another common sin is one of laziness, in this case picking passwords for your social networks that you're least likely to forget. In many cases, that means using the same password for LinkedIn and Facebook that you're using for your online bank account or work machine. If someone with malicious intent figures out the password for one social network, that person can now go and access everything else.
"Using the same password on several sites is like trusting the weakest link in a chain to carry the same weight. Every site has vulnerabilities, plan for them to be exploited," says Daniel Philpott, information security engineer at OnPoint Consulting Inc.
Trigger finger (clicking everything, especially on Facebook)
Facebook in particular is notorious as a place where inboxes are stuffed with everything from drink requests to cause requests. For some social networkers, clicking on such requests is as natural as breathing. Unfortunately, the bad guys know this and will send you links that appear to be from legitimate friends. Open the link and you're inviting a piece of malware to infect your machine. Christophe Veltsos, president of Prudent Security, describes this as being "click-happy" and warns, "Don't click unless you're ready to deal with drive-by downloads and zero-day attacks."
Endangering yourself and others
All of the above tie into the seventh and perhaps most serious sin, which is that reckless social networking can literally put someone's life in danger. It could be a relative or co-worker. Or it could be yourself.
Seven Deadly Sins
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
